Winamp Multiple Vulnerabilities
Last Update Date:
28 Oct 2011 14:58
Release Date:
28 Oct 2011
5831
Views
RISK: Medium Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in Winamp, which can be exploited by malicious people to compromise a user's system.
- An error in the in_midi.dll plugin when handling the "iOffsetMusic" value within the Creative Music Format (CMF) header can be exploited to cause a heap-based buffer overflow via a specially crafted MIDI file.
- An error in the in_mod.dll plugin when handling the "channels" value within the Advanced Module Format (AMF) header can be exploited to cause a heap-based buffer overflow via a specially crafted ".amf" file.
- An error in the in_nsv.dll plugin when handling the "toc_alloc" value within the Nullsoft Streaming Video (NSV) header can be exploited to cause a heap-based buffer overflow via a specially crafted ".nsv" file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- Winamp 5.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 5.622.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with